SHAREDWEALTH: A CRYPTOCURRENCY TO REWARD MINERS EVENLY

Bitcoin [19] is a decentralized cryptocurrency that has recently gained popularity and has emerged as a popular medium of exchange. The total market capitalization is around 1.5 billion US dollars as of October 2013 [28]. All the operations of Bitcoin are maintained in a distributed public global ledger known as a block chain which consists of all the successful transactions that have ever taken place. The security of a block chain is maintained by a chain of cryptographic puzzles solved by participants called miners, who in return are rewarded with bitcoins. To be successful, the miner has to put in his resources to solve the cryptographic puzzle (also known as a proof of work). The reward structure is an incentive for miners to contribute their computational resources and is also essential to the currency\u27s decentralized nature. One disadvantage of the reward structure is that the payment system is uneven. The reward is always given to one person. Hence people form mining pools where every member of the pool solves the same cryptographic puzzle and irrespective of the person who solved it, the reward is shared evenly among all the members of the pool. The Bitcoin protocol assumes that the miners are honest and they follow the Bitcoin protocol as prescribed. If group of selfish miners comes to lead by forming pools, the currency stops being decentralized and comes under the control of the selfish miners. Such miners can control the whole Bitcoin network [29]. Our goal is to address this problem by creating a distinct peer-to-peer protocol that reduces the incentives for the miners to join large mining pools. The central idea is to pay the “runners-up” who come close to finding a proof, thereby creating a less volatile payout situation. The work done by the “runners-up” can be used by other miners to find the solution of proof of work by building upon their work. Once they find the actual solution they have to include the solution of the other miner in order to get rewarded. The benefit of this protocol is that not only the miners save their computational resources but also the reward is distributed among the miners

SECURE E-MAIL SYSTEM USING S/MIME AND IB-PKC

Although e-mail security solutions have been introduced for more than two decades, most of the e-mail messages are sent nowadays without being secured by any of these techniques. This is due to the complexity of using these secure e-mail systems and protocols. The complexity mainly arises from the difficulty associated with managing certificates and public keys. The main objective of this study was to find a solution that can make secure e-mail systems easier to use while maintaining the same level of security. This paper proposes a secure e-mail system that is based on the S/MIME standard where the public key and signature algorithms have been replaced by their Identity-Based Cryptography analogue algorithms. Using Identity-Based Cryptography has eliminated the need for digital certificates, and provided a solution to the usability problem present in the existing secure e-mail systems. Users can determine the public key of the recipient without having to contact any trusted third party, and can start encrypting or verifying messages as long as they have the public system parameters that can be publicly available. Users need to contact the Private Key Generator (PKG) only once in order to retrieve their private key before being able to decrypt or sign messages

Certificateless Digital Signature Technology for e-Governance Solutions

. In spite of the fact that digital signing is an essential requirement for implementation of e-governance solutions in any organization, its use in large scale Government ICT implementation is negligible in India. In order to understand the reasons for low-level acceptance of the technology, authors performed a detailed study of a famous e-governance initiative of India. The outcome of the study revealed that the reasons are related to the challenges concerning the use of cryptographic devices carrying private key and the complicated process of generation, maintenance and disposal of Digital Signature Certificates (DSC).The solution, for the challenges understood from the case study, required implementation of a certificateless technology where private keys should be generated as and when required rather than storing them on cryptographic devices. Although many solutions which provide certificateless technology exist, to date there have been no practical implementation for using biometrics for implementing the solution. This paper presents the first realistic architecture to implement Identity Based Cryptography with biometrics using RSA algorithm. The solution presented in the paper is capable of providing a certificateless digital signature technology to the users, where public and private keys are generated on-the-fly

Data security in cloud storage services

Cloud Computing is considered to be the next-generation architecture for ICT where it moves the application software and databases to the centralized large data centers. It aims to offer elastic IT services where clients can benefit from significant cost savings of the pay-per-use model and can easily scale up or down, and do not have to make large investments in new hardware. However, the management of the data and services in this cloud model is under the control of the provider. Consequently, the cloud clients have less control over their outsourced data and they have to trust cloud service provider to protect their data and infrastructure from both external and internal attacks. This is especially true with cloud storage services. Nowadays, users rely on cloud storage as it offers cheap and unlimited data storage that is available for use by multiple devices (e.g. smart phones, tablets, notebooks, etc.). Besides famous cloud storage providers, such as Amazon, Google, and Microsoft, more and more third-party cloud storage service providers are emerging. These services are dedicated to offering more accessible and user friendly storage services to cloud customers. Examples of these services include Dropbox, Box.net, Sparkleshare, UbuntuOne or JungleDisk. These cloud storage services deliver a very simple interface on top of the cloud storage provided by storage service providers. File and folder synchronization between different machines, sharing files and folders with other users, file versioning as well as automated backups are the key functionalities of these emerging cloud storage services. Cloud storage services have changed the way users manage and interact with data outsourced to public providers. With these services, multiple subscribers can collaboratively work and share data without concerns about their data consistency, availability and reliability. Although these cloud storage services offer attractive features, many customers have not adopted these services. Since data stored in these services is under the control of service providers resulting in confidentiality and security concerns and risks. Therefore, using cloud storage services for storing valuable data depends mainly on whether the service provider can offer sufficient security and assurance to meet client requirements. From the way most cloud storage services are constructed, we can notice that these storage services do not provide users with sufficient levels of security leading to an inherent risk on users\u27 data from external and internal attacks. These attacks take the form of: data exposure (lack of data confidentiality); data tampering (lack of data integrity); and denial of data (lack of data availability) by third parties on the cloud or by the cloud provider himself. Therefore, the cloud storage services should ensure the data confidentiality in the following state: data in motion (while transmitting over networks), data at rest (when stored at provider\u27s disks). To address the above concerns, confidentiality and access controllability of outsourced data with strong cryptographic guarantee should be maintained. To ensure data confidentiality in public cloud storage services, data should be encrypted data before it is outsourced to these services. Although, users can rely on client side cloud storage services or software encryption tools for encrypting user\u27s data; however, many of these services fail to achieve data confidentiality. Box, for example, does not encrypt user files via SSL and within Box servers. Client side cloud storage services can intentionally/unintentionally disclose user decryption keys to its provider. In addition, some cloud storage services support convergent encryption for encrypting users\u27 data exposing it to “confirmation of a file attack. On the other hand, software encryption tools use full-disk encryption (FDE) which is not feasible for cloud-based file sharing services, because it encrypts the data as virtual hard disks. Although encryption can ensure data confidentiality; however, it fails to achieve fine-grained access control over outsourced data. Since, public cloud storage services are managed by un-trusted cloud service provider, secure and efficient fine-grained access control cannot be realized through these services as these policies are managed by storage services that have full control over the sharing process. Therefore, there is not any guarantee that they will provide good means for efficient and secure sharing and they can also deduce confidential information about the outsourced data and users\u27 personal information. In this work, we would like to improve the currently employed security measures for securing data in cloud store services. To achieve better data confidentiality for data stored in the cloud without relying on cloud service providers (CSPs) or putting any burden on users, in this thesis, we designed a secure cloud storage system framework that simultaneously achieves data confidentiality, fine-grained access control on encrypted data and scalable user revocation. This framework is built on a third part trusted (TTP) service that can be employed either locally on users\u27 machine or premises, or remotely on top of cloud storage services. This service shall encrypts users data before uploading it to the cloud and decrypts it after downloading from the cloud; therefore, it remove the burden of storing, managing and maintaining encryption/decryption keys from data owner\u27s. In addition, this service only retains user\u27s secret key(s) not data. Moreover, to ensure high security for these keys, it stores them on hardware device. Furthermore, this service combines multi-authority ciphertext policy attribute-based encryption (CP-ABE) and attribute-based Signature (ABS) for achieving many-read-many-write fine-grained data access control on storage services. Moreover, it efficiently revokes users\u27 privileges without relying on the data owner for re-encrypting massive amounts of data and re-distributing the new keys to the authorized users. It removes the heavy computation of re-encryption from users and delegates this task to the cloud service provider (CSP) proxy servers. These proxy servers achieve flexible and efficient re-encryption without revealing underlying data to the cloud. In our designed architecture, we addressed the problem of ensuring data confidentiality against cloud and against accesses beyond authorized rights. To resolve these issues, we designed a trusted third party (TTP) service that is in charge of storing data in an encrypted format in the cloud. To improve the efficiency of the designed architecture, the service allows the users to choose the level of severity of the data and according to this level different encryption algorithms are employed. To achieve many-read-many-write fine grained access control, we merge two algorithms (multi-authority ciphertext policy attribute-based encryption (MA- CP-ABE) and attribute-based Signature (ABS)). Moreover, we support two levels of revocation: user and attribute revocation so that we can comply with the collaborative environment. Last but not least, we validate the effectiveness of our design by carrying out a detailed security analysis. This analysis shall prove the correctness of our design in terms of data confidentiality each stage of user interaction with the cloud

Telecommunication Network Security

YesOur global age is practically defined by the ubiquity of the Internet; the worldwide interconnection of cyber networks that facilitates accessibility to virtually all ICT and other elements of critical infrastructural facilities, with a click of a button. This is regardless of the user’s location and state of equilibrium; whether static or mobile. However, such interconnectivity is not without security consequences. A telecommunication system is indeed a communication system with the distinguishing key word, the Greek tele-, which means "at a distance," to imply that the source and sink of the system are at some distance apart. Its purpose is to transfer information from some source to a distant user; the key concepts being information, transmission and distance. These would require a means, each, to send, convey and receive the information with safety and some degree of fidelity that is acceptable to both the source and the sink. Chapter K begins with an effort to conceptualise the telecommunication network security environment, using relevant ITU-T2* recommendations and terminologies for secure telecommunications. The chapter is primarily concerned with the security aspect of computer-mediated telecommunications. Telecommunications should not be seen as an isolated phenomenon; it is a critical resource for the functioning of cross-industrial businesses in connection with IT. Hence, just as information, data or a computer/local computer-based network must have appropriate level of security, so also a telecommunication network must have equivalent security measures; these may often be the same as or similar to those for other ICT resources, e.g., password management. In view of the forgoing, the chapter provides a brief coverage of the subject matter by first assessing the context of security and the threat-scape. This is followed by an assessment of telecommunication network security requirements; identification of threats to the systems, the conceivable counter or mitigating measures and their implementation techniques. These bring into focus various cryptographic/crypt analytical concepts, vis a vis social engineering/socio-crypt analytical techniques and password management. The chapter noted that the human factor is the most critical factor in the security system for at least three possible reasons; it is the weakest link, the only factor that exercises initiatives, as well as the factor that transcends all the other elements of the entire system. This underscores the significance of social 2*International Telecommunications Union - Telecommunication Standardisation Sector 12 engineering in every facet of security arrangement. It is also noted that password security could be enhanced, if a balance is struck between having enough rules to maintain good security and not having too many rules that would compel users to take evasive actions which would, in turn, compromise security. The chapter is of the view that network security is inversely proportional to its complexity. In addition to the traditional authentication techniques, the chapter gives a reasonable attention to locationbased authentication. The chapter concludes that security solutions have a technological component, but security is fundamentally a people problem. This is because a security system is only as strong as its weakest link, while the weakest link of any security system is the human infrastructure. A projection for the future of telecommunication network security postulates that, network security would continue to get worse unless there is a change in the prevailing practice of externality or vicarious liability in the computer/security industry; where consumers of security products, as opposed to producers, bear the cost of security ineffectiveness. It is suggested that all transmission devices be made GPS-compliant, with inherent capabilities for location-based mutual authentication. This could enhance the future of telecommunication security.Petroleum Technology Development Fun

Management of Identity and Access in the Cloud

Cloud computing is new technology that provides cheaper, easier, and more powerful processes to customers over internet. The cloud service provider (CSP) provides virtualized resources on Internet instead of using software or storage on a local computer. The economic benefits are the main reason for using cloud computing. Cloud computing dynamically delivers everything as a service (XaaS) over the internet based on user demand, such as network, operating system, storage, hardware, software, and resources. Thus, many security and privacy issues must be taken into consideration. The services of cloud computing are usually classified into three types: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). This paper aims to achieve two main goals. The first is to review the field of cloud computing with an emphasis on the identity and access management (IAM) in the cloud. Secondly, we will report on our ongoing work for developing a novel system for IAM based on the techniques of Identity-Based Cryptography (IBC) security mediated cryptography. The proposed system architecture will be outlined along with some of the major operational steps

Data storage security and privacy in cloud computing: A comprehensive survey

Cloud Computing is a form of distributed computing wherein resources and application platforms are distributed over the Internet through on demand and pay on utilization basis. Data Storage is main feature that cloud data centres are provided to the companies/organizations to preserve huge data. But still few organizations are not ready to use cloud technology due to lack of security. This paper describes the different techniques along with few security challenges, advantages and also disadvantages. It also provides the analysis of data security issues and privacy protection affairs related to cloud computing by preventing data access from unauthorized users, managing sensitive data, providing accuracy and consistency of data store

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management